Data Breach at Brillen.de Exposes Millions of Customer Records
Brillen.de recently faced a significant data leak, revealing over 3.5 million customer records online. This breach exposed potentially sensitive information, including customers' names, addresses, emails, mobile numbers, gender, birth dates, and order details such as invoice amounts and dates.
Details of the Data Breach
According to Cybernews, the data was found on an unsecured Elasticsearch instance that did not require any authentication. The exposed data primarily contained records from Germany, with approximately 2.46 million entries, along with 961,000 from Spain and 90,000 from Austria. Researchers discovered this vulnerability on August 8, and the data was subsequently taken offline by August 10 after being reported, although Brillen.de did not provide further comments.
Potential Risks and Concerns
How long the data remained publicly accessible is unknown. Open databases like this are often indexed by search engines, which makes them accessible to unauthorized users. Cybercriminals can then exploit the data for identity theft or phishing scams.
No Official Confirmation Yet
Brillen.de's data protection officer was reportedly unaware of the breach at the time of reporting. The Brandenburg state data protection office had not immediately responded to inquiries about whether it had been notified of the incident. This leaves open whether the company has recognized the incident and what steps it has taken to address the breach and protect customer data.
Related Incidents
This incident adds to a growing list of cyber vulnerabilities affecting organizations. A recent ransomware attack interrupted operations of approximately 450 youth hostels in Germany, highlighting the persistent threat from cybercriminals. Meanwhile, some presumed data leaks, like those affecting Kleinanzeigen in September, were later identified as false alarms.
For more in-depth coverage, you can read the original article from Heise.